mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged V3.0 to HEAD
11498: Improvements to DM ACL upgrade
11502: Edit Details button text updated to Edit Site Details to avoid confusion
11503: ETHREEOH-577 - It is possible to create empty comment at document details page
11504: ETHREEOH-576 - Cannot create calendar event with name containing certain characters such as : /
11505: Merged V2.2 to V3.0
11337: Tidy up the deletion of unused ACEs when authorities are deleted - ETWOTWO-749
11339: Fix permission checks under RunAs to use the effective user's groups - ETWOTWO-753
11506: Fixed ETHREEOH-579: RuntimeExec can not handle commands and arguments that contains spaces
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12448 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Kevin Roast
@@ -790,6 +790,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
|
||||
}
|
||||
}
|
||||
}
|
||||
auths.addAll(authorityService.getAuthoritiesForUser(user.getUsername()));
|
||||
return auths;
|
||||
}
|
||||
|
||||
|
||||
@@ -156,15 +156,15 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
|
||||
runAs("admin");
|
||||
permissionService.setPermission(folder, "andy", PermissionService.ALL_PERMISSIONS, true);
|
||||
|
||||
|
||||
FileFolderServiceImpl.makeFolders(serviceRegistry.getFileFolderService(), folder, pathElements, ContentModel.TYPE_FOLDER);
|
||||
|
||||
}
|
||||
|
||||
public void testRunAsRealAndEffectiveUsers()
|
||||
public void testRunAsRealAndEffectiveUsersWithPriorAuthentication()
|
||||
{
|
||||
runAs("admin");
|
||||
|
||||
@@ -197,6 +197,201 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
|
||||
}
|
||||
|
||||
public void testNestedRunAsRealAndEffectiveUsersWithPriorAuthentication()
|
||||
{
|
||||
runAs("admin");
|
||||
|
||||
final NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
|
||||
|
||||
runAs("andy");
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
|
||||
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
||||
{
|
||||
|
||||
public Object doWork() throws Exception
|
||||
{
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
|
||||
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
||||
{
|
||||
|
||||
public Object doWork() throws Exception
|
||||
{
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
|
||||
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("lemur", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
||||
{
|
||||
|
||||
public Object doWork() throws Exception
|
||||
{
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
|
||||
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
||||
{
|
||||
|
||||
public Object doWork() throws Exception
|
||||
{
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
|
||||
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
return null;
|
||||
}
|
||||
}, "andy");
|
||||
|
||||
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
return null;
|
||||
}
|
||||
}, "admin");
|
||||
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("lemur", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
return null;
|
||||
}
|
||||
}, "lemur");
|
||||
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
return null;
|
||||
}
|
||||
}, "admin");
|
||||
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
}
|
||||
|
||||
public void testRunAsRealAndEffectiveUsersWithNoPriorAuthentication()
|
||||
{
|
||||
runAs("admin");
|
||||
|
||||
final NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
|
||||
|
||||
AuthenticationUtil.clearCurrentSecurityContext();
|
||||
|
||||
assertNull(AuthenticationUtil.getCurrentRealUserName());
|
||||
assertNull(AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
||||
{
|
||||
|
||||
public Object doWork() throws Exception
|
||||
{
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
|
||||
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
return null;
|
||||
}
|
||||
}, "admin");
|
||||
|
||||
assertNull(AuthenticationUtil.getCurrentRealUserName());
|
||||
assertNull(AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
}
|
||||
|
||||
|
||||
public void testNestedRunAsRealAndEffectiveUsersWithNoPriorAuthentication()
|
||||
{
|
||||
runAs("admin");
|
||||
|
||||
final NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
|
||||
|
||||
AuthenticationUtil.clearCurrentSecurityContext();
|
||||
|
||||
assertNull(AuthenticationUtil.getCurrentRealUserName());
|
||||
assertNull(AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
||||
{
|
||||
|
||||
public Object doWork() throws Exception
|
||||
{
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
|
||||
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
||||
{
|
||||
|
||||
public Object doWork() throws Exception
|
||||
{
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
|
||||
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("lemur", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
||||
{
|
||||
|
||||
public Object doWork() throws Exception
|
||||
{
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.ALLOWED);
|
||||
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
||||
{
|
||||
|
||||
public Object doWork() throws Exception
|
||||
{
|
||||
assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.CONTRIBUTOR)) == AccessStatus.DENIED);
|
||||
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("andy", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
return null;
|
||||
}
|
||||
}, "andy");
|
||||
|
||||
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
return null;
|
||||
}
|
||||
}, "admin");
|
||||
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("lemur", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
return null;
|
||||
}
|
||||
}, "lemur");
|
||||
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentRealUserName());
|
||||
assertEquals("admin", AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
return null;
|
||||
}
|
||||
}, "admin");
|
||||
|
||||
assertNull(AuthenticationUtil.getCurrentRealUserName());
|
||||
assertNull(AuthenticationUtil.getCurrentEffectiveUserName());
|
||||
|
||||
|
||||
}
|
||||
|
||||
public void testDefaultModelPermissions()
|
||||
{
|
||||
runAs("admin");
|
||||
|
||||
Reference in New Issue
Block a user